Skip to content

Static analysis with Coverity #63

Static analysis with Coverity

Static analysis with Coverity #63

Workflow file for this run

---
name: Static analysis with Coverity
on:
workflow_run: # to allow coverity to be run for forked branches, run this on the head branch but checkout the original head
workflows:
- dispatch_coverity
types:
- completed
push:
tags: 11\.[0-9]+\.[0-9]+ # run on each version release
schedule:
- cron: '0 0 15 * *' # request run on the 15. of every month
jobs:
coverityscan:
name: Static analysis with Coverity
runs-on: ubuntu-18.04
environment: coverity # environment needs to be manually triggered only use on demand
steps:
- name: Checkout branch on that the Coverity scan was dispatched
uses: actions/checkout@v3
if: ${{ github.event_name == 'workflow_run' }}
with:
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 25
- uses: actions/checkout@v3
if: ${{ github.event_name != 'workflow_run' }}
with:
fetch-depth: 25
- name: Set version environment for version string
run: |
export REV=${GITHUB_REF#refs/*/}
echo "REVISION=${REV/\//-}" >> $GITHUB_ENV
if [[ "${GITHUB_REF#refs/tags/}" =~ ^11\.[0-9]*\.[0-9]*$ ]]; then
echo "CHANGELIST=" >> $GITHUB_ENV
else
echo "CHANGELIST=-SNAPSHOT" >> $GITHUB_ENV
fi
echo "github ref: ${GITHUB_REF}"
echo "setting env:"
cat ${GITHUB_ENV}
- name: Cache the Maven packages to speed up build
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up JDK11
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'adopt'
- name: Download Coverity Build Tool
run: |
wget -q https://scan.coverity.com/download/java/Linux --post-data "token=$TOKEN&project=chart-fx" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_TOKEN }}
- name: Build with cov-build
run: |
export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
cov-build --dir cov-int mvn clean test --batch-mode -Drevision=${REVISION} -Dchangelist=${CHANGELIST}
- name: Submit the result to Coverity Scan
run: |
tar czvf chartfx.tgz cov-int
curl -sS \
--form project=chart-fx \
--form token=$TOKEN \
--form email=${COVERITY_EMAIL} \
--form [email protected] \
--form version=${{ github.ref }}\
--form description="Description" \
https://scan.coverity.com/builds?project=chart-fx
env:
TOKEN: ${{ secrets.COVERITY_TOKEN }}
COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}
...